Is My Data Exposed If I Make Call to My Data From Client Side?

6 replies

Last updated: Feb 4, 2021

Hi, I have a security concern, maybe a stupid question but: is my data exposed if I make call to my dataset from front-end from client side?

Feb 4, 2021, 2:28 PM

Hi! is your dataset public or private?

Feb 4, 2021, 2:40 PM

If you are displaying it to the public then it is public

Feb 4, 2021, 2:43 PM

they're public, but if I don't have the host listed in CORS Origins, should I worry about someone pulling my data?

Feb 4, 2021, 3:35 PM

If the host is not listed in CORS Origins, your data cannot be pulled from client-side, but they can be easily pulled from server-side (or from client-side via a proxy). But as long as you're not storing confidential or gated/paid content, I wouldn't worry too much about it.

Feb 4, 2021, 3:40 PM

another way to think about it is: all information you display on a public website are scrapable and therefore public anyways. You are just making it a little easier for those bots that are going to show up anyways 🤖

Feb 4, 2021, 5:11 PM

Bots will ignore CORS, it's up to the HTTP client to enforce it.

Feb 4, 2021, 9:32 PM

Sanity– build remarkable experiences at scale

Sanity is a modern headless CMS that treats content as data to power your digital business. Free to get started, and pay-as-you-go on all plans.

Get started for free Explore the demo

Platform

Features

Use cases

Integrations

Learn

Build and share

Frameworks

Discover

Customer stories

Popular guides

Is My Data Exposed If I Make Call to My Data From Client Side?

Sanity– build remarkable experiences at scale

Was this answer helpful?